High-value practical content, worth bookmarking: a detailed, carefully illustrated explanation of HTTPS. Please take a look!

As an ambitious programmer, you need to follow the trends of the industry and keep expanding your computer science knowledge, especially the fundamentals, such as the computer networking topic this article covers. This article walks you through the implementation principles of HTTPS in detail.

In recent years, as users' and Internet companies' security awareness has grown and the cost of HTTPS has fallen, HTTPS has become more and more common. Many Internet giants are pushing HTTPS: Google's Chrome browser shows a "not secure" warning in the address bar when you visit an HTTP site, WeChat requires all mini programs to use the HTTPS transfer protocol, Apple requires every app in the App Store to use HTTPS, and most mainstream websites at home and abroad have moved to HTTPS. It is therefore only a matter of time before HTTPS replaces HTTP.

Having said all that, what exactly is HTTPS? What are its advantages and disadvantages compared with HTTP? What is the underlying implementation principle? The answers follow; let's first look at the disadvantages of HTTP.

1. The biggest drawback of HTTP: it is insecure

The biggest reason HTTP is being replaced by HTTPS is that it is insecure. As for why it is insecure, one look at the figure below makes it clear.

Figure 1. HTTP data transfer process

As the figure shows, HTTP transmits all data in plaintext, so it is inherently insecure. This is especially serious for sensitive data such as user passwords and credit card information: once a third party obtains them, the consequences are unthinkable. Someone might say: I can encrypt the sensitive data on the front-end page, for example with salted MD5. That view is too simple. First, MD5 is not an encryption algorithm. Its full name is Message Digest Algorithm MD5; it is an irreversible hash algorithm, which means data processed with MD5 on the front end cannot be recovered on the server side. Take a password as an example: the front end runs the user's password through MD5 and sends the hash value to the server; the server cannot recover the password, so it uses the hash value directly to process the user's request. A third party who obtains the hash value can therefore bypass the front-end login page and access the server directly, which causes a security problem. In addition, the MD5 algorithm itself has security defects, which we will not go into here.

In short, hash algorithms such as MD5 and SHA-1 do not make HTTP any safer. To make HTTP more secure, only real encryption algorithms can be used, because an encryption algorithm can encrypt data and restore it with a key: as long as the key is not obtained by a third party, the security of the data transmission is guaranteed. This is exactly the solution HTTPS adopts, so let's now learn about encryption algorithms.
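The login scenario described above, as an added example in Go that is not part of the original post: the page sends a salted MD5 digest instead of the password, the server stores only digests, and a digest observed on the plaintext connection works as a credential by itself, which is exactly why client-side hashing is no substitute for transport encryption. The user name, salt and passwords are constructed sample values, and MD5 is used only because the post discusses it.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// ClientDigest is what a "hash the password in the page" scheme puts on the
// wire: hex(MD5(salt || password)). MD5 appears here only because the post
// discusses it; it is neither an encryption algorithm nor a suitable password hash.
func ClientDigest(salt, password string) string {
	sum := md5.Sum([]byte(salt + password))
	return hex.EncodeToString(sum[:])
}

// LoginServer keeps, per user, the digest it expects the client to send.
// It never sees the password and cannot recover it from the digest
// (that is the "irreversible" property of a hash).
type LoginServer struct {
	salt    string
	digests map[string]string // user -> expected digest (constructed sample data)
}

func NewLoginServer(salt string) *LoginServer {
	return &LoginServer{salt: salt, digests: map[string]string{}}
}

// Register stores the digest of a user's password.
func (s *LoginServer) Register(user, password string) {
	s.digests[user] = ClientDigest(s.salt, password)
}

// Login accepts a request if the presented digest equals the stored one.
// Because the comparison is digest-to-digest, the digest itself is the credential.
func (s *LoginServer) Login(user, digest string) bool {
	want, ok := s.digests[user]
	if !ok {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(digest)) == 1
}

// Demo walks through the post's scenario and returns three outcomes:
// a genuine login, an attempt with the wrong password, and a login made
// with nothing but the digest that was visible on the plaintext connection.
func Demo() (genuine, wrongPassword, replayedDigest bool) {
	srv := NewLoginServer("site-wide-salt") // constructed sample salt
	srv.Register("alice", "correct horse battery staple")

	onTheWire := ClientDigest("site-wide-salt", "correct horse battery staple")
	genuine = srv.Login("alice", onTheWire)
	wrongPassword = srv.Login("alice", ClientDigest("site-wide-salt", "hunter2"))

	// Anyone who could read the HTTP traffic saw onTheWire but never the
	// password; the server still accepts it, so hashing on the client bought
	// no protection. Only encrypting the transport (HTTPS) closes this gap.
	replayedDigest = srv.Login("alice", onTheWire)
	return
}

func main() {
	g, w, r := Demo()
	fmt.Printf("genuine=%v wrongPassword=%v replayedDigest=%v\n", g, w, r)
}
```

Running it prints genuine=true, wrongPassword=false and replayedDigest=true: the server rejects a wrong password but cannot tell a replayed digest from a real login, because from its point of view they are identical.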

2. Encryption algorithms

HTTPS solves the data transmission security problem with encryption algorithms, specifically a hybrid encryption scheme that mixes symmetric and asymmetric encryption. It is necessary to understand the differences, advantages and disadvantages of these two kinds of encryption algorithm.

2.1 Symmetric encryption

Symmetric encryption, as the name suggests, uses the same key for both encryption and decryption. Common symmetric encryption algorithms are DES, 3DES and AES. Its advantages and disadvantages are as follows:

  • Advantages: the algorithm is public, the amount of computation is small, encryption is fast and efficient, and it is suitable for encrypting large amounts of data.
  • Disadvantages:
  1. Both parties must use the same key, so the key has to be transmitted, and there is no way to guarantee that it is not intercepted in transit. The security of symmetric encryption is therefore not guaranteed.
  2. Every pair of users that communicates with symmetric encryption needs a unique key that nobody else knows, so the number of keys each party holds grows sharply and key management becomes a burden for both sides. Symmetric encryption is hard to use in a distributed network system, mainly because key management is difficult and costly.

This article does not describe the specific encryption algorithms in detail; interested readers can refer to the linked article on symmetric encryption algorithms. If symmetric encryption were used directly in HTTP, the effect would be as follows:

Figure 2. Symmetric encryption data transfer process

As the figure shows, the encrypted data is unreadable in transit: even if a third party intercepts it, it cannot be decrypted without the key, so the data stays secure. But there is a fatal problem: since both parties need to use the same key, one party must send the key to the other before the data is transmitted, and in that process the key is very likely to be intercepted, after which the encrypted data can easily be decrypted too. So how can the key be kept secure in transit? This is where asymmetric encryption comes in.

2.2 Asymmetric encryption

Asymmetric encryption, as the name suggests, uses two different keys for encryption and decryption: a public key and a private key. The public key and private key form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. The basic process for exchanging secret information with an asymmetric algorithm is: Party A generates a key pair and publishes one key as the public key; Party B obtains the public key, encrypts the confidential information with it and sends it to Party A; Party A decrypts the information with its private key. If the public key and private key are hard to grasp, think of them as a key and a lock: you alone in the world hold the key, but you can hand the lock to others; they can lock up something important with it and send it to you, and because only you have the key, only you can see what was locked up. The commonly used asymmetric encryption algorithm is RSA; for more on it see the linked articles (RSA algorithm explained in detail, RSA algorithm details 2). Its advantages and disadvantages are as follows:

  • Advantages: the algorithm is public, encryption and decryption use different keys, the private key never needs to be transmitted over the network, and security is high.
  • Disadvantages: the amount of computation is relatively large, and encryption and decryption are much slower than with symmetric encryption.

Because asymmetric encryption is so secure, it can be used to solve the key leakage problem of symmetric encryption neatly. The result looks like this:

Figure 3. The client sends the key KEY to the server using asymmetric encryption

In this process, after the client obtains the server's public key, it generates a random code (denoted KEY; this KEY is the key both sides will use for symmetric encryption), encrypts KEY with the public key and sends it to the server, and the server decrypts it with its private key. Both sides now hold the same key KEY and use it to symmetrically encrypt the data they exchange. While KEY is being transmitted under asymmetric encryption, even a third party who obtains the public key and the encrypted KEY cannot recover KEY without the private key (the private key stays on the server, so the risk of leakage is minimal). This secures the symmetric encryption of the data that follows. The flow above is just a prototype of HTTPS: HTTPS combines the strengths of these two kinds of encryption, ensuring both communication security and data transmission efficiency.
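The hybrid scheme of sections 2.1 and 2.2 and the flow of figure 3, as an added example in Go that is not part of the original post: the server's RSA key pair stands in for the public key it publishes, the client's random KEY is wrapped with RSA-OAEP, unwrapped with the private key, and then used as an AES-256-GCM key for the application data. Function names, the OAEP label and the sample request are my own. One caveat a practitioner should keep in mind: this RSA key-transport form corresponds to the RSA key exchange of TLS 1.2; TLS 1.3 derives the session key with an ephemeral Diffie-Hellman exchange instead, so that a later compromise of the server's private key cannot be used to decrypt recorded sessions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"io"
)

// oaepLabel binds the wrapped blob to its purpose; both sides must agree on it.
var oaepLabel = []byte("session-key")

// NewServerKeyPair plays the server's part: an RSA key pair whose public
// half is published and whose private half never leaves the server.
func NewServerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewSessionKey is the client's random KEY: 32 bytes, i.e. an AES-256 key.
func NewSessionKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// WrapKey encrypts KEY with the server's public key (RSA-OAEP), so only the
// holder of the matching private key can recover it.
func WrapKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
}

// UnwrapKey is the server side: recover KEY with the private key.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts application data with the shared KEY using AES-GCM and
// prepends the random nonce. GCM also authenticates the ciphertext, so a
// modified message is rejected instead of decrypting to garbage.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; it fails on a wrong key or a modified ciphertext.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Exchange runs the figure-3 flow end to end and returns the request as the
// server recovered it.
func Exchange(request []byte) ([]byte, error) {
	server, err := NewServerKeyPair() // server publishes &server.PublicKey
	if err != nil {
		return nil, err
	}
	key, err := NewSessionKey() // client generates KEY
	if err != nil {
		return nil, err
	}
	wrapped, err := WrapKey(&server.PublicKey, key) // client sends encrypted KEY
	if err != nil {
		return nil, err
	}
	serverKey, err := UnwrapKey(server, wrapped) // server decrypts KEY
	if err != nil {
		return nil, err
	}
	sealed, err := Seal(key, request) // data now travels under symmetric encryption
	if err != nil {
		return nil, err
	}
	return Open(serverKey, sealed)
}
```

Calling Exchange([]byte("GET /account HTTP/1.1")) returns the same bytes, because the server recovered the identical KEY from the wrapped blob. Note what the design gives beyond the figure: the authenticated mode rejects a ciphertext that was altered in transit, and a fresh nonce per message means the same request encrypted twice yields different bytes on the wire.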

3. How HTTPS works

Let's look at Wikipedia's definition of HTTPS:

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL.

So HTTPS is not a separate communication protocol; it is an extension of HTTP that guarantees communication security. The relationship between them is as follows:

Figure 4. The relationship between HTTP and HTTPS

In other words, HTTPS = HTTP + SSL/TLS.

Next comes the most important part, the explanation of how HTTPS works. As usual, the picture comes first.

Figure 5. HTTPS encryption, decryption, verification and data transfer process

It looks dazzling, but don't be afraid; follow along carefully. The whole HTTPS communication process can be divided into two phases, certificate validation and data transfer, and the data transfer phase is itself divided into an asymmetric encryption stage and a symmetric encryption stage. The specific steps are explained according to the numbers in the figure.

1. The client requests an HTTPS website and connects to port 443 on the server (the default HTTPS port, analogous to port 80 for HTTP).

2. A server using the HTTPS protocol must have a digital certificate issued by a CA (Certification Authority). A certificate has to be applied for, and is issued by a specialized digital certificate certification authority (CA) only after a very strict review (this costs money, of course, and the higher the security level, the higher the price). When a certificate is issued, a private key and a public key are generated. The private key is kept by the server itself and must not be leaked; the public key is attached to the certificate information and can be made public. The certificate also carries an electronic signature, which is used to verify the certificate's integrity and authenticity and prevents the certificate from being tampered with.

3. The server responds to the client's request by sending it the certificate. The certificate contains the public key and much other information, such as the certification authority, company information and the certificate's validity period. In the Chrome browser you can click the lock icon in the address bar and then click the certificate to see its details.

Figure 6. Bilibili's (B站) CA certificate

4. The client parses the certificate and validates it. If the certificate was not issued by a trusted authority, or the domain name in the certificate does not match the actual domain name, or the certificate has expired, a warning is shown to the visitor, who can choose whether to continue. It looks like this:

Figure 7. Browser security warning

If the certificate is fine, the client extracts the server's public key A from the server certificate. The client then generates a random code KEY and encrypts it with public key A.

5. The client sends the encrypted random code KEY to the server, to serve as the key for the symmetric encryption that follows.

6. After receiving the random code KEY, the server decrypts it with its private key B. With these steps the client and server have finally established a secure connection, neatly solving the key leakage problem of symmetric encryption, and can now communicate happily with symmetric encryption.

7. The server uses the key (random code KEY) to symmetrically encrypt data and sends it to the client; the client uses the same key (random code KEY) to decrypt the data.

8. Both sides happily transfer all data using symmetric encryption.
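The certificate checks of step 4 (trusted issuer, matching domain name, not expired), as an added example in Go that is not part of the original post: it builds a constructed test CA and a server certificate for example.com in memory, verifies the server certificate against that CA the way a browser verifies against its trust store, and classifies the three failure cases that produce the warning in figure 7. The CA name, host names and validity window are constructed, and no real CA or network connection is involved.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs template with parentKey under parent, or self-signs it when
// parent is nil, and returns the parsed certificate with its new private key.
func issue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewTestPKI stands in for step 2: a constructed CA (not a real one) issues a
// certificate for host that is valid between notBefore and notAfter.
func NewTestPKI(host string, notBefore, notAfter time.Time) (ca, server *x509.Certificate, err error) {
	caTemplate := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca, caKey, err := issue(caTemplate, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	serverTemplate := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the name the browser compares with the URL
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	server, _, err = issue(serverTemplate, ca, caKey)
	return ca, server, err
}

// VerifyServerCert performs the step-4 checks a client makes: the chain must
// end in a trusted root, the certificate must cover host, and it must be
// valid at now.
func VerifyServerCert(server *x509.Certificate, trusted []*x509.Certificate, host string, now time.Time) error {
	roots := x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	_, err := server.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	return err
}

// Classify maps a verification error to the kind of warning a browser shows.
func Classify(err error) string {
	switch e := err.(type) {
	case nil:
		return "ok"
	case x509.UnknownAuthorityError:
		return "untrusted issuer"
	case x509.HostnameError:
		return "name mismatch"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired {
			return "expired"
		}
	}
	return "other"
}

func main() {
	now := time.Now()
	ca, server, err := NewTestPKI("example.com", now.Add(-time.Hour), now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	trusted := []*x509.Certificate{ca}
	fmt.Println(Classify(VerifyServerCert(server, trusted, "example.com", now)))                 // ok
	fmt.Println(Classify(VerifyServerCert(server, nil, "example.com", now)))                     // untrusted issuer
	fmt.Println(Classify(VerifyServerCert(server, trusted, "example.net", now)))                 // name mismatch
	fmt.Println(Classify(VerifyServerCert(server, trusted, "example.com", now.Add(48*time.Hour)))) // expired
}
```

The three failing calls correspond one to one with the conditions listed in step 4: an empty trust store is the "not issued by a trusted authority" case, a different host name is the "domain name in the certificate does not match" case, and checking at a time past NotAfter is the "certificate has expired" case. A client that skips any of these checks (for example by disabling verification in an HTTP library) silently accepts exactly the certificates the browser would warn about.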

OK, that is the whole detailed explanation of how HTTPS works in theory. With such a beautiful picture and such a detailed process analysis, there is no way you can fail to understand it, ha ha.

4. Summary

Let's summarize the differences between HTTPS and HTTP, and the shortcomings of HTTPS:

Differences between HTTPS and HTTP:

  • The most important difference is security. HTTP transmits in plaintext without encrypting the data, so its security is poor; HTTPS (HTTP + SSL/TLS) encrypts the data transfer, so its security is good.
  • Using the HTTPS protocol requires applying for a CA certificate. Free certificates are rare, so there is some cost. Certification authorities include Symantec, Comodo, DigiCert and GlobalSign.
  • HTTP pages respond faster than HTTPS pages. This is easy to understand: the extra security layer makes establishing a connection more complex and adds more data to exchange, which inevitably affects speed.
  • Because HTTPS is HTTP built on top of SSL/TLS, it consumes more server resources than HTTP.
  • HTTPS and HTTP use completely different connections and different ports: the former uses 443, the latter 80.

Shortcomings of HTTPS:

  • In the same network environment, HTTPS shows significantly higher response times and power consumption than HTTP.
  • The security HTTPS provides has limits; it is of little use against hacker attacks, server hijacking and similar situations.
  • Under the existing certificate mechanism, man-in-the-middle attacks are still possible.
  • HTTPS needs more server resources, which also raises costs.

Closing

Welcome to follow my official account [Calm as a code]; plenty of Java-related articles and learning materials will be posted there, along with the organized materials.

If you like what I write, please follow! Follow so you don't get lost; continuously updated!!!

This article was written by [The wind and waves are as calm as a yard]; please include a link to the original when reposting. Thank you.
